Skip to content
English
Contact us
  • There are no suggestions because the search field is empty.

MFA Overview and Setup Guide

No recent searches

    Popular Articles

            Sorry! nothing found for

            MFA Overview and Setup Guide

            Created by Russ Hartle, Modified on Mon, 31 Mar, 2025 at 10:18 AM by Russ Hartle

            OVERVIEW
            This article will go over how to configure MFA in the In-Synch RMS. This implementation of MFA requires NO internet connectivity once configured. The RMS uses advanced algorithms to determine what 6 digit code should be occurring at a specific time. Therefore to gain access to the RMS the user at each login will enter a code provided by their authenticator app. If the code provided by the cell phone matches the code we calculate behind the scenes then the user is granted access to the RMS. This implementation relies heavily on time being spot-on between the RMS and the cellular device with the authenticator. I have been advised any difference greater than 15 seconds will introduce potential problems.

            STEPS TO CONFIGURE

            1. Make sure the database being used has been dbupdated.
            2. Enable the Agency preference “MFA_ENABLED” by setting it to “T” in the agency preferences.
            3. Next step is to set the secret codes for each user account. The RMS will do this automatically by clicking the “RESET ALL MFA” button in the “Key Preferences” within the Agency Module. Secret codes are one-time passwords used as additional security for some devices, websites, etc.
            4. Next, an authenticator app will need to be obtained on a cellular device. Microsoft Authenticator, Google Authenticator, and Authy have been tested and verified. Other apps might work but would need to be tested.
            5. Log out of the RMS completely and attempt to log back into the RMS.
            6. Upon entering a username/password and hitting enter the MFA configuration window should be triggered.
            7. Open the chosen authenticator and locate the option to scan a QR Code and scan the QR code generated by the RMS (Please note you can also manually key in the authenticator secret in the authenticator as well. But scanning a QR code is much easier)
            8. Once the QR Code is scanned successfully the authenticator should display the agency username along with a code. The code refreshes every 30 seconds.
            9. If you haven’t already done so please click the “CLOSE” button on the bottom of the scan QR Code window in the In-Synch RMS.
            10. The RMS will now prompt the user to enter a passcode. Open the authenticator app, enter the code that matches the username/agency, and hit enter or the “Authenticate” button.
            11. Now take a deep breath. You have done it.

            TROUBLESHOOTING:
            - The MFA secret can be reset for an individual user account by clicking the “RESET MFA” button on the “Users” tab within the Security Module.
            - In the “AUTH_USER” table there is a column titled “MFA_FLAG”. A value of 66 is the flag that indicates the individual user is a special case that is exempt from MFA; they should be able to log in without any MFA prompt. This will be replaced by a security right in the future once the feature is working reliably. PLEASE NOTE all other values in this column should not be a concern besides 66.

            SEE ATTACHED SETUP GUIDE FOR MORE DETAILS

            Attachments (1)

            ISS MFA Setup Guide.docx
            221 KB

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Feedback sent

            We appreciate your effort and will try to fix the article

            X